Ajax request and permissions

Yii 1.1 General Discussion
1

Hello,

Let say that I have a controller that can handle an upload from a request using ajax.

I have a form which is displayed by the create action. And since only actions are accessible from a form, I have an action that handle the upload (called upload).

So when the user use the form, everything is fine. But let say that I don’t want the user to call the upload action directly, how can I do that ?

I don’t want the user to write the upload address in his url bar. but I still want the upload action to be accessible from the form. Is is possible ?

The only solution I have found (in my case), is to check if a file is in the post otherwise I throw a 403 …

Thanks,

Maxime.

2

Your solution seems to be perfect, but there’s also a filter for that.




public function filters()

{

  return array('postOnly + upload');

}
3

Thanks a lot !

This solution is perfect, I just started Yii so I didn’t know about filters :)

For my purpose I use the AjaxOnly filter :


public function filters()

{

  return array('ajaxOnly + upload');

}

Last question : where can I find a list of all filters ?

Thanks again !

Maxime.